Answered: [Security threat] tags are not sanitized in extra question field
Post date: 2020-07-01 00:44:51
Views: 279

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the databse, it's not safe.

First, look! The script is stored in database.

database

Second, if create a function to pull that content form the datase:

public function q_item_extra($q_item)
{
$postidz = $q_item'raw']'postid'];
$extra = qa_db_read_one_value(qa_db_query_sub(
       'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
   ), true);
 
 //$extra = $q_item'extra']'content'];
 
        $this->output('My info:'.$extra);   
   
}

Here's the result:

test

I hope you'll get my point.
Please click Here to read the full story.
 
Other Top and Latest Questions:
This is the greatest time ever for semiconductors, says CEO of key equipment supplier
Costco issues a lukewarm quarter, but delivers on the metric that matters most
Stranded with no Strands
Future bike commuter seeks outdoor weatherproof bike storage help
Oaxaca bound
Top Chef: Appalachian Celebration
Widow's Bay: Seasickness
Movie: The Drama
The Terror: The Devil in Silver: A Number in the System
More workers are raiding their 401(k)s as average balances fall, Fidelity says